惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
雷峰网
雷峰网
Recent Announcements
Recent Announcements
月光博客
月光博客
G
Google Developers Blog
腾讯CDC
S
Secure Thoughts
大猫的无限游戏
大猫的无限游戏
T
Tenable Blog
云风的 BLOG
云风的 BLOG
W
WeLiveSecurity
博客园 - 【当耐特】
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
博客园 - 聂微东
The Cloudflare Blog
阮一峰的网络日志
阮一峰的网络日志
人人都是产品经理
人人都是产品经理
P
Privacy International News Feed
MyScale Blog
MyScale Blog
K
Kaspersky official blog
T
The Blog of Author Tim Ferriss
Attack and Defense Labs
Attack and Defense Labs
Spread Privacy
Spread Privacy
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
aimingoo的专栏
aimingoo的专栏
I
Intezer
Vercel News
Vercel News
小众软件
小众软件
Simon Willison's Weblog
Simon Willison's Weblog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
N
Netflix TechBlog - Medium
P
Proofpoint News Feed
Latest news
Latest news
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
T
Tor Project blog
S
Security Affairs
P
Proofpoint News Feed
博客园 - 三生石上(FineUI控件)
博客园 - Franky
C
Cyber Attacks, Cyber Crime and Cyber Security
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
美团技术团队
Recent Commits to openclaw:main
Recent Commits to openclaw:main
S
Security @ Cisco Blogs
L
LINUX DO - 热门话题
Know Your Adversary
Know Your Adversary
Project Zero
Project Zero
D
Docker
L
Lohrmann on Cybersecurity
F
Full Disclosure

Programming Throwdown

187: Agentic Coding | Programming Throwdown 186: Becoming a Manager | Programming Throwdown 185: Workflow Orchestrators 184: Asynchronous Programming | Programming Throwdown 183: Landing a Software Job in 2025 182: AI Assisted Coding | Programming Throwdown 181: Memory Management | Programming Throwdown 180: Reinforcement Learning | Programming Throwdown 179: Project Planning | Programming Throwdown 178: Working from Home | Programming Throwdown 177: Vector Databases | Programming Throwdown 176: MLOps at SwampUp | Programming Throwdown 175: Resume Writing | Programming Throwdown 174: Devops | Programming Throwdown 173: Mocking and Unit Tests 172: Transformers and Large Language Models 171: Compilers and Interpreters | Programming Throwdown 170: 2023 Holiday Special Live 169: HyperLogLog | Programming Throwdown 168: Godot | Programming Throwdown 167: Desktop User Interfaces | Programming Throwdown 166: Speedy Database Queries with Lukas Fittl 165: Differential Equations | Programming Throwdown 164: Choosing a Database For Your Project With Kris Zyp 163: Recursion | Programming Throwdown 162: Interactive Fiction | Programming Throwdown 161: Leveraging Generative AI Models with Hagay Lupesko 160: Position Localization | Programming Throwdown 159: GraphQL with Tanmai Gopal 158: Software Supply Chain with Bill Manning 157: Kubernetes with Craig Box 156: Perl and Regular Expressions 155: The Future of Search with Saahil Jain 154: Python Again with Jason C. McDonald 153: ChatGPT | Programming Throwdown 152: The Future Database with Sam Lambert 151: Machine Learning Engineering with Liran Hason 150: Code Reviews with On Freund 149: Workflow Engines with Sanjay Siddhanti S1: Holiday 2022 Special | Programming Throwdown 148: Package Management with Max Howell 147: Quantum Computing with Yonatan Cohen 146: RubyShield, Ruby Central, and Shopify with Mike Dalessio and Evan Phoenix 145: Unsupervised Machine Learning | Programming Throwdown 144: Kotlin Coroutines with Marcin Moskala 143: The Evolution of Search with Marcus Eagan 142: Data Ops with Douwe Maan 141: Social Gaming with Chip Morningstar 140: Developer Burnout and Infrastructure as Code with Ronak Rahman 139: Scientific Python with Guido Imperiale 138: Fixing the Internet with John Day 137: The Origins of the Internet with John Day 136: Metaverse with Daniel Liebeskind 135: Kubernetes with Aran Khanna 134: Ephemeral Environments with Benjie De Groot 133: Solving for the Marketplace Problem with Andrew Yates 132: Funding Open-Source Projects | Programming Throwdown 131: Supporting your Favorite Creators with Brave with Jimmy Secretan 130: Ethical Hacking with Ted Harrington Episode 129 - Web3.0: Breaking free from the Client Server Model with Michelle Lee 128: WebAssembly with Kevin Hoffman 127: AI for Code with Eran Yahav 126 - Serverless Computing with Erez Berkner 125 - Object Caching Systems 124 - Holiday Episode 2021! 123 - Project Planning | Programming Throwdown 122 - Building Conversational AI's with Joe Bradley 121 - Edge Computing with Jaxon Repp Machine Learning Embeddings with Edo Liberty The Art of Vacations | Programming Throwdown Building a Robotics Software Platform with Abhay Venkatesh 117 - Authentication with Aviad Mizrachi Hash Maps | Programming Throwdown Route Planning with Parker Woodward Code Documentation with Omer Rosenbaum and Tim Post Episode 113 - Full Stack Web Apps Using Only Python with Meredydd Luff Trees | Programming Throwdown Episode 111: Real-time Data Streaming with Frank McSherry Digital Marketing with Kevin Urrutia Kotlin | Programming Throwdown Holiday 2020! | Programming Throwdown Augmented Reality | Programming Throwdown A Chatbot with a Brain DevOps and Site Reliability | Programming Throwdown Working From Home | Programming Throwdown Bayesian Thinking | Programming Throwdown ReactJS | Programming Throwdown One Hundredth Episode | Programming Throwdown Squashing bugs using AI and Machine Learning Agile Thinking With ZenHub | Programming Throwdown Christmas Episode | Programming Throwdown Continuous Integration | Programming Throwdown WebRTC | Programming Throwdown Search at Etsy | Programming Throwdown A Journey to Programming Mastery Basics of UI Design for Engineers Functional Programming | Programming Throwdown Terminal and Shells | Programming Throwdown From Combat to Code | Programming Throwdown Image Processing | Programming Throwdown
Episode 110: Security with Dotan Nahum
Patrick Whee · 2021-04-27 · via Programming Throwdown

Programming Throwdown talks cybersecurity with Dotan Nahum, CEO and Co-founder of Spectral. Dotan provides us with a high-level overview of the role of cybersecurity, its definition, evolution, and current challenges. He also shares tips for small- and medium-sized ventures on how to develop best practices.

The episode touches on the following key topics and ideas:

00:01:12 Evolution of modern cybersecurity 

00:06:06 When to integrate security in a design

00:11:54 Shadow IT

00:13:50 Hacker motives and motivations; SQL Injection explained

00:16:48 Firewalls and WAFs

00:20:29 Cybersecurity for small- and medium-sized companies 

00:23:52 “The last mile of developers”

00:26:47 dotfiles

00:32:23 Simple tools and good practices

00:40:42 Attack vectors, attack factors

00:44:16 Ransomware and phishing

00:48:19 Unsafe languages

00:50:02 Fuzzing

00:54:11 Rust programming language

00:55:54 Example security scenario with IntelliJ

00:59:42 More about Spectral, Dotan’s company

01:03:40 Staying virtual using Discord


Transcript:
Episode 110 Computer Security with Dotan Nahum

Jason Gauci: Programming Throwdown Episode 110, Security with Dotan Nahum. Take away, Patrick. 

[00:00:21] Patrick Wheeler: Hey everybody. We're here with a hundred and tenth episode, which is pretty exciting. And we have our guest to-- oh, yeah, go ahead. You want to... 

[00:00:30] Jason Gauci: I'm just saying, yeah!  (laugh) 

[00:00:32] Patrick Wheeler: So we're here with our guest today, Dotan, and you are CEO of Spectral. Why don't you go ahead and introduce yourself briefly, and then we'll get started.

[00:00:42] Dotan Nahum: Yep. So hi, guys. So I am Dotan, and by the way, 110 is binary, right? 

[00:00:48] Patrick Wheeler: Oh, there we go. That's right.  (laugh) 

[00:00:52] Dotan Nahum: So yeah, so I'm Dotan, CEO of Spectral. It's a cybersecurity company, geared towards developers. I mean, we like to say that we create tools for developers with security as a side effect. So yeah, so that's, that's, you know, that's what our focus is. 

[00:01:12] Patrick Wheeler: Awesome. Well, I mean, I guess that's a lot to unpack, so I think everybody would agree, security is very important, but maybe everyone doesn't understand what security is. So we were talking about this a little when we were doing, doing warmups. So if we talk about security, does that mean that you are developing antivirus for computers, for developers, or does it mean something more?

[00:01:35] Dotan Nahum: Yeah, I mean, I mean, it's kind of all goes back to, I guess, evolution of our, I guess it is our domain, our, our world, which is kind of a high-tech or softer, softer world? Time really gets compact with all these revolutions. We have a, we have evolution revolution. 

[00:01:57] So, I mean, if you go back to 2007, that was just before Facebook and just before iPhone, I guess. And if you go back to 2005, that that was before the rise of Microsoft, I guess the major rise of Microsoft as a .net shop, which really made, you know, made all the enterprise software come along and then kind of '98, 2000, the first bubble.

[00:02:27] So all these stages, they had, it's kind of a sprint to create technology. And, the focus is on creating technology that is supposed to give developers productivity, and supposed to make, you know, make companies very productive and create a very nice portfolio of products. 

[00:02:48] And almost always, I mean, maybe not intentionally, but almost always the security side of things, was kind of left behind. You know, I'm sure no one intended for it to be, but, there's a lot of more velocity under creating a great product at the time. Every, each and every step of this, like in the first bubble, and then in 2005, and then into 2007 and so on, rather than, okay, so let's create the technology and the product, and let's also make it, you know, kind of, dependent on making great security, be there for us. 

[00:03:35] So almost every time, security came after the revolution, after the evolution. So we had from, simple firewalls, to intrusion detection, which is, you know, the large kind of, systems that try, try their best to find anomalies in the, in the area of 2000, to the smarter firewalls. And even today, those like, this, mini kind of firewalls, of WAFs that you integrate as an SDK into your app. So yeah, so it's kind of come, it comes in waves, technology, and then, security comes in waves as well. 

[00:04:17] And yeah. So the latest, the latest we're seeing right now in terms of the evolution of software is that yeah, we know that software eats the world, but we are kind of feeling that it already ate the world? So, you know, you can do so much today that you couldn't have done, I mean, as little as three or four years ago, actually. You know, it can take a Lambda and you can pick up a bunch of SAS services and you're done. I mean, you build a product that used to be maybe three, four, five years ago, you know, used to take much more energy to build.

[00:04:58] So in that sense, as a developer, you have so much more power and so many more paths to get to the same end goal that... I'm not sure, I mean, I feel it for myself. I'm not sure the security world can even begin to realize, because they need, I mean, if we, if we think about them as they, then they need to understand how to develop as well as developers in order to give, to create great solutions for that developer, that glue stuff together, and, you know, invent stuff from existing, existing parts.

[00:05:37] Jason Gauci: Yeah, that that makes a bunch of sense. 

[00:05:39] Patrick Wheeler: I say, yeah, that covered, I mean, you, you went to the whole history of modern or last couple of decades of, computer software there, but I was going to say, so one of the interesting things I think before we get into the kind of specifics about, what needs to be secured, this, this kind of, thing you mentioned where people build a product first and then try to figure out security later.

[00:06:02] I guess that's an interesting balance where, if you're building something until it's built, maybe it doesn't really need security. Right? If this was a thought in my head, I don't need security. If people are going to start using it though, immediately, you need to start having some amounts of security. Do you have opinion on like, what is the balance there?

[00:06:19] So if you don't know yet what you're doing and what may be your risks, when is the right time to start considering security and what are some of the good, you know, first things to start considering? 

[00:06:30] Dotan Nahum: Yeah, so that, that's a great, great question. I mean, I think the balance is shifting towards really taking the time, in development time, in design time, and think about security on the security model.

[00:06:46] So, you know, this was kind of theoretical, yeah, everyone should do threat modeling and everyone should do secure by design and so on. And, and frankly, you know, you'll, you'll find these people who are extremely into security that are actually doing these th...